This blog post walks through the Information Disclosure labs provided by PortSwigger's Web Security Academy.
Information disclosure refers to a website unintentionally revealing sensitive information to its users. This can range from personal and financial details of individuals to confidential business data and details of the website's own structure and technology stack. If an attacker gets hold of this information, it can lead to significant security threats.
While exploiting these disclosures may not require advanced techniques or deep technical knowledge, even a small piece of information (a framework version, a file path, a developer comment) can give an attacker the foothold needed to find further vulnerabilities.
There are simple measures that can be implemented to prevent sensitive information from being exposed.
Make sure everyone on the team understands what information is sensitive and what is not.
Audit the code for information that may have been overlooked during development or quality assurance, such as hard-coded credentials, developer comments, and leftover debug endpoints.
Make sure error messages are generic and do not reveal the technology or version in use. Minimise the attack surface by removing debugging and diagnostic features from production deployments.
Let's walk through the labs to make this concrete.
Step-1 Access the lab (Information disclosure in error messages). Use Burp's "Discover content" engagement tool to look for hidden directories or endpoints.
Step-2 Once the discovery scan has run, look through the proxy history tab.
Step-3 Notice that the product page takes a numeric parameter, productId (for example productId=1).
Step-4 Replace the number with an arbitrary string and look at the response: instead of a clean error, the server returns a verbose error message.
Step-5 The error message leaks the version of the framework in use. A disclosed version number can be cross-referenced against public advisories and Exploit-DB to find known vulnerabilities for that exact release, which, depending on the component, may go as far as a published RCE exploit.
Step-6 Submit the version string to solve the lab. Wappalyzer can also help identify technologies and versions from response headers and page content.
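The remediation the lab points at is to keep the detail out of the response. The following is an added example, not code from the lab or the blog: a constructed product handler shown first in the form that leaks a full stack trace when productId is not a number, then in a hardened form that logs the detail server-side and returns only a generic message. The product table, the log buffer, and the handler names are all assumptions made for the example.

```python
"""Verbose error vs. generic error for a productId-style parameter.
Added example, not code from the lab or the blog; the product table and the
log buffer are constructed so the script runs offline."""
import logging
import traceback
from io import StringIO

# Constructed catalogue: only these ids exist.
PRODUCTS = {1: "Widget", 2: "Gadget", 3: "Gizmo"}

# Server-side log the hardened handler writes to (a real app would use its logging stack).
LOG_BUFFER = StringIO()
log = logging.getLogger("product-example")
log.addHandler(logging.StreamHandler(LOG_BUFFER))
log.setLevel(logging.ERROR)
log.propagate = False


def lookup_product(product_id):
    # int() failing on "abc" stands in for the type-conversion error the lab triggers.
    return PRODUCTS[int(product_id)]


def vulnerable_handler(param):
    """Returns the raw exception text, which is effectively what the lab's endpoint does."""
    try:
        return 200, "Product: " + lookup_product(param)
    except Exception:
        # File paths, library and framework names, and the offending value all go to the client.
        return 500, traceback.format_exc()


def hardened_handler(param):
    """Keeps the detail in the server log and sends the client only a generic message."""
    try:
        return 200, "Product: " + lookup_product(param)
    except (ValueError, KeyError) as exc:
        log.error("product lookup failed for %r: %s: %s", param, type(exc).__name__, exc)
        return 404, "Product not found"


def leaks_internals(body):
    """Cheap check a scanner can apply to a response body: does it look like a stack trace?"""
    return any(marker in body for marker in ("Traceback", "Exception", "  File \"", "\tat "))


if __name__ == "__main__":
    print(vulnerable_handler("abc")[1])   # full Python traceback
    print(hardened_handler("abc"))        # (404, 'Product not found')
    print(LOG_BUFFER.getvalue())          # the detail, kept on the server
```

The vulnerable form is what step 4 exercises: a single malformed parameter is enough to surface the traceback. The hardened form answers the non-numeric and the unknown-id cases with the same generic response, so the client cannot even tell which failure occurred, while the log keeps everything a developer needs.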
Step-1 Access the lab (Information disclosure on debug page).
Step-2 Use "Engagement tools" > "Find comments" to search the responses for HTML comments.
Step-3 One of the comments references /cgi-bin/phpinfo.php.
Alternatively, view the page source and you will find the same URL in the comment.
Step-4 In Repeater, send a request for that file. Notice that it reveals various debugging information, including the SECRET_KEY environment variable.
Step-5 Click "Submit solution" and enter the SECRET_KEY to solve the lab.
Step-1 (Source code disclosure via backup files) Right-click on the lab in the site map and go to "Engagement tools" > "Discover content". Launch a content discovery session to discover the /backup directory and its contents.
Step-2 Inside /backup we find a backup copy of a source file (a .bak file), which the server happily serves as plain text.
Step-3 Notice that it contains a hard-coded password for a Postgres database. Go back to the lab, click "Submit solution", and enter the database password to solve the lab.
Step-1 (Authentication bypass via information disclosure) In the URL, try to access /admin. The response discloses that the admin panel is only accessible if logged in as an administrator, or if the request comes from a local IP.
Intercept the request and send it to Repeater.
Step-2 Change the request method to TRACE and study the response. TRACE echoes the request back as the back end received it, so notice that an X-Custom-IP-Authorization header containing your IP address was automatically appended to your request on the way through. This header is what the application uses to decide whether the request came from the localhost IP address.
Step-3 Go to "Proxy" > "Options" (called "Proxy settings" in recent Burp versions), scroll down to the "Match and Replace" section, and click "Add". Leave the match condition blank, but in the "Replace" field enter: X-Custom-IP-Authorization: 127.0.0.1
Burp Proxy will now add this header to every request you send.
Step-4 Browse to the home page. Notice that you now have access to the admin panel, where you can delete the user carlos.
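The root cause is that the "source IP" the back end trusts arrives in a header the client can set. The following is an added example, not the lab's or the blog's code: only the header name comes from the lab; the front-end and back-end functions are a constructed model. It replays the match-and-replace rule above (and a lower-case variant of the header, since HTTP header names are case-insensitive) through a naive front end that only adds the header when the client did not send one, and through a hardened front end that strips every client copy and sets the value from the socket peer address.

```python
"""Why a client-controllable 'source IP' header is an authorization bypass, and what
the front end has to do about it. Added example; only the header name is from the lab,
the front-end/back-end logic below is a constructed model, not the lab's code."""
import ipaddress

TRUSTED_HEADER = "X-Custom-IP-Authorization"


def get_header(headers, name):
    """HTTP header names are case-insensitive; look the value up accordingly."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def is_loopback(value):
    try:
        return ipaddress.ip_address((value or "").strip()).is_loopback
    except ValueError:
        return False


def front_end_naive(client_headers, peer_addr):
    """Model of the lab's flaw: the header is filled in from the connection only when
    the client did not already supply one, so a client-supplied value wins."""
    forwarded = dict(client_headers)
    if get_header(forwarded, TRUSTED_HEADER) is None:
        forwarded[TRUSTED_HEADER] = peer_addr
    return forwarded


def front_end_hardened(client_headers, peer_addr):
    """Strip every client-supplied copy (any letter case), then set it from the peer address."""
    forwarded = {k: v for k, v in client_headers.items()
                 if k.lower() != TRUSTED_HEADER.lower()}
    forwarded[TRUSTED_HEADER] = peer_addr
    return forwarded


def back_end_admin_allowed(headers, is_admin=False):
    """The back end's rule as the lab describes it: admin session, or request from localhost."""
    return is_admin or is_loopback(get_header(headers, TRUSTED_HEADER))


def demo():
    """Replay the Burp match-and-replace rule (and variants) through both front ends."""
    peer = "203.0.113.10"  # constructed attacker address (TEST-NET-3), i.e. not loopback
    attacks = {
        "exact-case": {TRUSTED_HEADER: "127.0.0.1"},          # what the Burp rule sends
        "lower-case": {TRUSTED_HEADER.lower(): "127.0.0.1"},  # same header, different case
        "no-header": {},                                      # an honest request
    }
    return {
        name: {
            "naive": back_end_admin_allowed(front_end_naive(hdrs, peer)),
            "hardened": back_end_admin_allowed(front_end_hardened(hdrs, peer)),
        }
        for name, hdrs in attacks.items()
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:11} naive={result['naive']!s:6} hardened={result['hardened']}")
```

Both injected variants reach the admin panel through the naive front end and neither does through the hardened one. Two practical points follow from this: the value a back end trusts must be written by the proxy after discarding anything the client sent, never merged with client input, and TRACE should be disabled on the front end, because it is what turned an internal header into an externally visible one in the first place.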
Step-1 (Information disclosure in version control history) Use "Discover content" to find the /.git endpoint, or use a directory discovery tool such as ffuf or dirsearch. (subfinder enumerates subdomains, not paths, so it does not help here.)
Step-2 Browse to /.git to reveal the lab's Git version control data.
Step-3 Download a copy of this entire directory. For Linux users, the easiest way to do this is using the command: wget -r https://YOUR-LAB-ID.web-security-academy.net/.git/ (this works because the lab server has directory listing enabled for /.git; without a listing you need a tool that reconstructs the object store from HEAD and the refs).
Step-4 Inspect the downloaded repository with git: git log shows a commit whose message says the admin password was removed from the config, and git show on that commit reveals that the hard-coded password is still visible in the diff even though the current file only references an environment variable.
Step-5 Alternatively, use Git Cola, an open-source Git GUI. Open the location where you downloaded the .git directory, go to the commit view, and use "Undo last commit": this restores the working tree to the previous revision, which brings back the configuration file containing the hard-coded password.
Now log in as administrator with the recovered password and delete the user carlos to solve the lab.
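Everything the git client or Git Cola shows in step 4 and step 5 is sitting in the loose objects you downloaded, so it can also be read without a git binary at all. The following is an added example, not the lab's or the blog's code: it writes a small constructed repository in git's own loose-object format (a secret committed, then "removed" in a later commit, mirroring the lab's pattern), then walks from HEAD back through the parent commits and pulls admin.conf out of every revision. The file name, commit messages and the password value are all made up for the example.

```python
"""Read a dumped .git directory without a git binary: walk HEAD back through its
parents and pull a file's content out of every revision. Added example, not the lab's
or the blog's code; the repository it builds is constructed to mimic the lab's pattern."""
import hashlib
import os
import re
import tempfile
import zlib


def write_object(gitdir, kind, data):
    """Store a loose object as git does: zlib('<kind> <size>\\0' + data), named by SHA-1."""
    raw = b"%s %d\x00" % (kind.encode(), len(data)) + data
    sha = hashlib.sha1(raw).hexdigest()
    path = os.path.join(gitdir, "objects", sha[:2], sha[2:])
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(zlib.compress(raw))
    return sha


def read_object(gitdir, sha):
    """Inverse of write_object: returns (kind, body) for a loose object."""
    with open(os.path.join(gitdir, "objects", sha[:2], sha[2:]), "rb") as f:
        raw = zlib.decompress(f.read())
    header, _, body = raw.partition(b"\x00")
    return header.split(b" ")[0].decode(), body


def parse_tree(body):
    """Yield (name, sha) per entry: '<mode> <name>\\0' followed by 20 raw SHA-1 bytes."""
    pos = 0
    while pos < len(body):
        nul = body.index(b"\x00", pos)
        name = body[pos:nul].decode().split(" ", 1)[1]
        yield name, body[nul + 1:nul + 21].hex()
        pos = nul + 21


def parse_commit(body):
    """Split a commit into its header fields (tree, parent, ...) and its message."""
    headers, _, message = body.partition(b"\n\n")
    fields = {}
    for line in headers.decode().splitlines():
        key, _, value = line.partition(" ")
        fields.setdefault(key, []).append(value)
    return fields, message.decode().strip()


def walk_history(gitdir, filename):
    """Return [(commit_sha, message, content_of_filename)] from HEAD back to the root."""
    with open(os.path.join(gitdir, "HEAD")) as f:
        ref = f.read().strip().split("ref: ", 1)[1]
    with open(os.path.join(gitdir, ref)) as f:
        sha = f.read().strip()
    history = []
    while sha:
        fields, message = parse_commit(read_object(gitdir, sha)[1])
        content = None
        for name, blob_sha in parse_tree(read_object(gitdir, fields["tree"][0])[1]):
            if name == filename:
                content = read_object(gitdir, blob_sha)[1].decode()
        history.append((sha, message, content))
        sha = fields.get("parent", [None])[0]  # first parent only; merges are not followed
    return history


def find_secrets(history, pattern=r"PASSWORD=(?!\$)(\S+)"):
    """Collect literal password values from any revision, skipping $ENV_VAR references."""
    return [(sha[:7], msg, m.group(1))
            for sha, msg, content in history if content
            for m in re.finditer(pattern, content)]


def build_demo_repo(gitdir):
    """Constructed sample: a secret is committed, then 'removed' in a later commit."""
    def tree_with(conf):
        blob = write_object(gitdir, "blob", conf)
        return write_object(gitdir, "tree", b"100644 admin.conf\x00" + bytes.fromhex(blob))

    def commit(tree, parent, msg):
        data = b"tree %s\n" % tree.encode()
        data += b"parent %s\n" % parent.encode() if parent else b""
        data += b"author Dev <dev@example.com> 0 +0000\ncommitter Dev <dev@example.com> 0 +0000\n\n"
        return write_object(gitdir, "commit", data + msg.encode() + b"\n")

    first = commit(tree_with(b"ADMIN_PASSWORD=hunter2-constructed\n"), None, "Add admin config")
    head = commit(tree_with(b"ADMIN_PASSWORD=$ADMIN_PASSWORD\n"), first, "Remove admin password from config")
    os.makedirs(os.path.join(gitdir, "refs", "heads"), exist_ok=True)
    with open(os.path.join(gitdir, "refs", "heads", "master"), "w") as f:
        f.write(head + "\n")
    with open(os.path.join(gitdir, "HEAD"), "w") as f:
        f.write("ref: refs/heads/master\n")


def demo():
    """Build the sample repo in a temp dir and return (history, recovered_secrets)."""
    gitdir = os.path.join(tempfile.mkdtemp(), ".git")
    build_demo_repo(gitdir)
    history = walk_history(gitdir, "admin.conf")
    return history, find_secrets(history)


if __name__ == "__main__":
    for sha, msg, secret in demo()[1]:
        print(f"{sha} {msg!r}: {secret}")
```

Point walk_history at a real dump by passing the downloaded .git path. Two caveats: this reads loose objects only, so a repository whose history has been packed into objects/pack needs a real git (git log -p, git show) or a dumper that understands packfiles; and a developer "removing" a secret in a new commit, as in the lab, changes nothing about its exposure, because the old blob stays reachable from every earlier commit until the secret is rotated.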
So far we have focused on the Burp Pro version, but if you don't have Burp Pro there are open-source tools (such as ffuf and dirsearch, mentioned above) that do the job at least as well for content discovery.